REMARKS 



Claims 1-20 are currently active. 



Formal drawings will be provided when the application is allowed. 



The Examiner has rejected Claims 1, 2, 13 and 14 as being anticipated by Segal. 
Applicant respectfully traverses this rejection. 

Segal does not teach a first inspection engine or a second inspection engine which 
receives traffic from the switch and which send desired traffic back to the switch. 



Segal teaches a network 40 that comprises various subnetworks 42, 44, 48, 52 and 
53 and firewall units 43, 45, 46, 47, 49 and 50. The firewall units comprise a shared list setting 
forth a plurality of lists of nodes and a set of access privileges for each listed node. See column 
2, lines 50-65. Segal teaches that a protocol for the network 40 would provide for lists sent by 
each node indicating which other nodes are permitted to receive from, and transmit to it, and 
what type of access they are allowed. This information is detected by each firewall unit which 
limits transmissions to the route only to their intended destinations. The firewall units have the 
capability to accept signals from the network for only certain defined purposes. The list of 
intended recipients can have any desired granularity. The situation can be improved upon by 
providing a set of firewall-type commands that include lists of which nodes, sources, networks 
are allowed to use certain destinations. These commands can be utilized by filtering devices 
and/or security devices such as firewalls, and ingress nodes, switches, which would be informed 
which destination nodes, addresses, ports are permitted to which source nodes or networks. 
These filters and devices and/or security devices may be separate standalone components or the 
capability may be integrated into other possibly already existing devices. See column 3, lines 
20-45. 

Segal teaches that a network node has a memory 104 which includes software 
such as network protocol programs 106, and an allowable sender and recipient list 108 for 
transmissions. See column 3, lines 45-56. 

Segal teaches that a node originates a new list with access protection and updates 
the local list already with the node. The list is then encrypted and then transmitted to the security 
devices on the network. A node comprising a security device receives the encrypted list and then 
decrypts the received list. A decision is then made to determine whether the received list is 
newer than the local list. If it is, it is saved, and if it is not, it is discarded. See column 4, lines 1- 
20. 

There are several critical distinctions between applicant's claimed invention and 
Segal. There is the distinction that applicant's claimed invention requires a switch and at least 
two separate inspection engines, the first inspection engine and the second inspection engine. 
Both the first inspection engine and the second inspection engine receive traffic from the switch. 
Each inspection engine processes the traffic that it has received and determines whether it is 
desired traffic or undesired traffic. Each inspection engine prevents undesired traffic from 
passing through it and sends the desired traffic back to the switch. Once the switch receives the 
desired traffic, it then sends it to its respective destination that corresponds to the inspection 
engine that processed the data. 

There is no teaching or suggestion whatsoever for such a specific architecture in 
Segal. What is critical to Segal is a list that tells each firewall which destination it can 
communicate with. For this reason alone, that there is no distributed processing of the traffic 
apart from the switch at an inspection engine that receives the traffic, and then returns only a 
desired portion of the traffic to the switch, Claims 1 and 13 are not anticipated by Segal. 

As is stated in the background of the above-identified patent application, 
hardware-based systems tend to be very fast, but don't deal well with very complex operations. 
Hence, software-based systems are still the norm, even with all their problems. In a system 
with a single processor that is fast enough, there is still the problem that if the processor dies, 
then the whole system grinds to a standstill. It is highly undesirable. One of the advantages of 
applicant's claimed invention is that the determination of whether the traffic is desirable or 
undesirable is determined at a separate inspection engine apart from the switch, where there are 
at least two inspection engines, so that if one inspection engine fails, the operation of the switch 
can still proceed, and even if necessary, use the second inspection engine. Segal does not 
recognize this whatsoever. 

Yet another critical distinction is that Segal teaches a list is created and circulated 
amongst the nodes which identifies to each of the nodes which destinations can or cannot receive 
traffic from a given node. This list does not distinguish between desired and undesired traffic, 
but simply prevents all traffic from reaching a certain destination if that destination is on a list 
with respect to a given node. Thus, there is no teaching or suggestion of any type of inspection 
engine, let alone a first inspection engine and a second inspection engine, which are both 
connected to the switch which receive traffic from the switch, process the traffic to determine 
whether it is desired traffic or undesired traffic, which prevents undesired traffic from passing 
through the respective engine and which send desired traffic back to the switch. The switch then 
in turn, sends the desired traffic to the respective destination that has been processed by the 
respective engine. In fact, Segal is silent about whether traffic is desired or undesired and is 
completely unconcerned with separating the undesired traffic from the desired traffic that is to 
reach a given destination. For this reason also, Claims 1 and 13 are not anticipated by Segal. 

Accordingly, Claims 1, 2, 13 and 14 are patentable over Segal. 

The Examiner has rejected Claims 3-12 and 15-20 as being unpatentable over 
Segal in view of Huang. Applicant respectfully traverses this rejection. 

Referring to Huang, there is disclosed a scalable switching network. There is no 
teaching or suggestion anywhere in regard to an inspection engine, let alone an inspection engine 
which processes the traffic to determine whether it is desired traffic or undesired traffic, and 
which prevents undesired traffic from passing through it and then sends the desired traffic back 
to the switch, as found in applicant's claimed invention. Huang has nothing to do with the 
teachings of Segal in regard to the claimed invention. The Examiner is citing Huang for the 
teachings of port and connections to various nodes. 

Huang teaches various architectures that are based on a switching fabric of routers 
to implement a scalable switching network. The switching fabric supplies the connectivity. The 
routers supply the routing, maintenance, and administrative functions. Huang teaches various 
architectures such as the switching network 80 shown in figure 1. The other figures taught by 
Huang show different architectural configurations of a switching fabric. What is key though in 
regard to the teachings of Huang, is that they are all basically switches. However, applicant 
freely admits that he did not discover or invent the switch, or the various connectivities in a 
switching network. However, applicant's claimed invention depicts that applicant has separated 
the inspection engine from the switch and uses the switch to divert the traffic to the first 
inspection engine or the second inspection engine for processing; and then receives back from 
the first inspection engine or the second inspection engine the desired traffic so the switch can 
send the desired traffic onto the first destination or the second destination depending on from 
which inspection engine the desired traffic came from. Thus, not only does Huang fail to even 
teach the first inspection engine, but it also fails to teach a second inspection engine as found in 
applicant's claimed invention. 

Accordingly, Claims 1 and 13 are patentable over the applied art of record. 
Claims 3-12 are dependent on parent Claim 1 and are patentable for the reasons Claim 1 is 
patentable. 

Claims 14-20 are dependent on parent Claim 13 and are patentable for the reasons 
Claim 13 is patentable. 

In view of the foregoing amendments and remarks, it is respectfully requested 
that the outstanding rejections and objections to this application be reconsidered and 
withdrawn, and Claims 1-20, now in this application, be allowed. 



Respectfully submitted, 




Attorney for Applicant 



